CVE-2025-58246Sensitive Info Insertion into Sent Data in Wordpress

CWE-201Sensitive Info Insertion into Sent Data5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 89.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wordpress
Timeline
PublishedSep 23

Description

Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

Debianwordpress/wordpress< 5.7.14+dfsg1-0+deb11u1+3
CVEListV5wordpress/wordpress6.86.8.2+21

🔴Vulnerability Details

3
CVEList
WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability2025-09-23
GHSA
GHSA-9cxg-grmq-54mq: Insertion of Sensitive Information Into Sent Data vulnerability in Automattic WordPress allows Retrieve Embedded Sensitive Data2025-09-23
OSV
CVE-2025-58246: Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data2025-09-23

📋Vendor Advisories

1
Debian
CVE-2025-58246: wordpress - Insertion of Sensitive Information Into Sent Data vulnerability in WordPress all...2025